Hi there, for frontend calls I'm not using either fetch or axios. It's umi-request. Which is not including authentication headers automatically. We're trying to create a custom interceptor but I don't know how to get the plain access token in order to include it in the headers. How can I do this?

You must set this on your session.init :

Session.init({
            jwt: {
                enable: true,
            },
`

After you can get the JWT like this :

app.get("/getJWT", verifySession(), async (req, res) => {
    let session = req.session;

    let jwt = session.getAccessTokenPayload()["jwt"];

    res.json({ token: jwt })
});

Would this give me the payload or the actual token? 🤔

The jwt

The actual access token is stored as httpOnly cookies. So you can't read it on the frontend.

is it

sIdRefreshToken

?

yes. correct. It may also be returned during API calls that modify the access token's payload.